Sr. Hardware Security Engineer

Job ID: 626253 | Amazon Web Services, Inc.


Help us protect not only the Amazon Web Services (AWS) cloud computing environment but all of our customers as well! Since 2006, our great team at AWS has been enabling our customers to bring great ideas to life in ways that aren’t possible in traditional IT environments. With AWS you can flexibly harness compute, storage, security, and other services from across the globe as your business demands them.

As a large and still rapidly growing business, AWS Security seeks out the very best security-minded individuals from around the world to help us protect not only the AWS cloud computing environment, but all of our customers as well.

AWS Security is looking for an experienced Senior Security Engineer, specializing in hardware technologies, to help ensure AWS services are designed and implemented to the highest possible security standards. You will be responsible for supporting AWS service teams in the secure design of services, including customer-facing services with hardware components such as AWS Snowball (https://aws.amazon.com/snowball/).

As the primary technical and strategic advocate for a variety of AWS-wide security initiatives, you will help internal and external partners to design from the beginning with security in mind.

This is not an entry-level position, and a confident understanding of hardware/firmware security and the ability to collaborate with other leaders across the industry are essential to success in this role. The Senior Security Engineer for this role is expected to be deeply familiar with multiple technical domains. In order to inform your recommendations and steer AWS in the right direction, you will often be called upon to provide direct, hands-on support for security assessments of networks, devices, and critical source code. Your skills and technical expertise will help us secure our networks, harden our software, evaluate the resiliency of our hardware, and ensure that we preserve the trust of millions of customers around the world.

A Senior Security Engineer must produce results in the face of ambiguity and imperfect knowledge, and foster constructive dialogue and seek resolution when confronted with disagreement. They are also expected to mentor more junior engineers and be security thought leaders for their organization. Amazon’s Leadership Principles of “Dive Deep”, “Earn Trust”, and “Customer Obsession” will be called upon daily, so a successful candidate will need a combination of technical and communication skills, as well as the ability to handle a mix of complex decisions while keeping customer security first!

Core Responsibilities:
* Provide hardware security expertise in support of AWS service teams
* Directly represent the team to business leaders and technical staff at all levels of the company
* Perform hands-on security threat modeling, risk assessment, and operational security analysis
* Prepare and present detailed, written technical information for internal and external audiences
* Demonstrate *exceptional* judgment, integrity, business acumen, and communication skills


* BS in Computer Science, Information Security, or related field, or equivalent work experience
* Demonstrated grasp of crypto basics (encryption, signing, certificates, SHA, AES, RSA, etc.)
* Demonstrated grasp of basic network security (DHCP, DNS, SSH, ACLs, common ports)
* Minimum 1 year security assessment (penetration testing, network traffic analysis)
* Minimum 2 years of experience supporting teams with design input and security risk analysis
* Minimum 4 years of experience with two or more of the following categories:
  * IoT network technologies (Z-Wave, Zigbee, Bluetooth/BLE, WLAN, identity/auth security)
  * Hardware security (PCB, JTAG, UART, SPI, ROM, microcode, custom ASIC/FPGA)
  * x86 and/or ARM chipset and firmware security (TPM, UEFI, TrustZone, secure boot)
  * Local encryption and key management (LUKS, BitLocker, self-encrypting drives, etc.)
  * PKI and code signing architecture (X.509, EV SSL, certificate pinning, OCSP, CRL, etc.)


* 6+ years of experience in two or more of the categories above
* Excellent written and verbal communication skills, and ability to drive toward consensus
* Relevant industry certifications (CISSP, SANS/GIAC, CompTIA, Microsoft, Linux, AWS)
* Hands-on experience performing security assessments of hardware/embedded devices
* Some knowledge of recognized security standards (TCG, IEEE, NIST, FIPS, PCI-DSS)
* Some knowledge of hardware design (ROM/EEPROM, fuses, integrated circuits, NAND)
* Some knowledge of AWS core services (EC2, S3, IAM, Greengrass, Lambda, KMS, VPC)
* Intermediate knowledge of common security protocols (e.g. RDP, TLS, SNMP, SSH, IPMI)
* Intermediate knowledge of hardware cryptography (certificates, attestation, TPM/HSM)
* Intermediate knowledge of embedded/IoT solution design and security considerations
* Expert knowledge of security risk management and technical security mitigation controls